Capital Health Hospitals hit by cyberattack causing IT outages

Image: Famartin (CC BY-SA 4.0)

Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week.

The healthcare system manages two hospitals (the Regional Medical Center in Trenton and Capital Health Medical Center in Hopewell), an outpatient facility in Hamilton, and dozens of New Jersey primary and specialty care practices.

Capital Health confirmed that both hospitals are currently accepting incoming patients, including emergency rooms and all other locations, under protocols established for system downtime.

It also immediately notified relevant authorities after the incident was detected and is now working with law enforcement and third-party forensic and IT experts to restore impacted services.

The hospitals' IT team is focused on restoring systems, while surgeries are prioritized based on urgency and patient condition.

"Capital Health is experiencing network outages because of what we believe to be a cybersecurity incident; something we know is also being experienced at other health care organizations across the country. We are prioritizing safe patient care, while working to restore the network and address the impact of this disruption," the non-profit said.

"All Capital Health ERs remain open to those needing emergency care and our teams continue to provide the appropriate treatment for their medical condition. Both hospitals continue to admit and treat patients who need inpatient care and services.

"With our continued focus on delivering safe patient care, we made some changes to elective surgical and procedure schedules, but there is now minimal impact on surgical schedules. Outpatient radiology is currently not available, and neurophysiology and non-invasive cardiology testing will be rescheduled."

Systems down for at least one more week

Capital Health expects to operate with some system limitations for at least another week, but it couldn't provide a timeline for when the ongoing issues will be resolved entirely.

"At least 36 US hospitals have been impacted by ransomware this year. The systems operate 130 hospitals and at least 26/36 had data stolen," Emsisoft threat analyst Brett Callow said today.

Healthcare provider Ardent Health Services, which manages 30 hospitals across six U.S. states, disclosed earlier this week that it was hit by a ransomware attack last Thursday.

After the incident, Ardent emergency rooms were forced to redirect all incoming requiring emergency care to other hospitals in their area.

The federal government repeatedly warned about ransomware attacks on U.S. healthcare organizations since last year.

For instance, the U.S. Department of Health and Human Services (HHS) security team warned that the Royal. Venus, Maui, and Zeppelin ransomware operations are attacking Healthcare and Public Health (HPH) orgs.

CISA, FBI, and the HHS also alerted hospitals in October 2022 that the Daixin Team cybercrime group targets them in ransomware attacks.